Blog

Nov 21

Millions of Computers Affected By Intel Firmware Flaws

Security experts are awaiting more details from chipmaker Intel about two classes of vulnerabilities in remote management software and firmware that could put an organization's most trusted data at risk.

The vulnerabilities - affecting enterprise and consumer computers - exist in a variety of chips that Intel has released over the past several years, including the 6th, 7th and 8th generation Core processors, Xeon processors, Apollo Lake and Celeron processors, according to Intel's security alert.

It would appear that millions of computers from a range of vendors are affected. Although Intel has issued patches, desktop and laptop manufacturers will now have to create and distribute their own, customized patches.

The news comes during a U.S. holiday week in which many IT administrators might have been planning to enjoy some downtime. "So yeah on reflection I don't see many outcomes where this is fairly harmless so uh Happy Thanksgiving," writes Matthew Garrett, a security developer at Google, on Twitter.

One of the vulnerabilities came to light with the publishing of the agenda for the Black Hat Europe security conference, which takes place in December in London. The presentation on the flaw will be given by Mark Ermolov and Maxim Goryachy, both researchers at security firm Positive Technologies.

Management Engine

Some of the Intel chip problems revolve around Intel's Management Engine, which is effectively a small computer that is embedded into each Intel CPU. Other issues involve Intel's Active Management Technology, the software that runs on the ME - usually on enterprise-grade computers - and is used for remote troubleshooting.

The ME is a self-contained x86 system with its own RAM. It runs its own OS called MINIX and has a variety of features and capabilities, such as responsibility for verifying the lowest layers of boot security, including the firmware.

The ME also houses Intel's Platform Trust Technology, a software-based implementation of what are known as Trusted Platform Modules, which store credentials, keys and other sensitive data. For example, PTT can hold the secret keys to unlock data encrypted with Microsoft's BitLocker full-disk encryptipon technology.

Broadly, the vulnerabilities could undermine an entire system.

AMT Issues, Yet Again

AMT is an application that's designed to allow administrators to completely reinstall a system remotely or troubleshoot even if the OS is not working. It's capable of screen sharing without OS support, allowing technicians to remotely see what's going on.

Earlier this year, a vulnerability was found in AMT that allows an attacker to access the application remotely over the internet without the system password (see Intel's AMT Flaw: Worse Than Feared).

On the surface, that vulnerability sounded bad. But consumer-grade systems don't ship with AMT, and enterprises, for the most part, had it turned off. To exploit the flaw, AMT would have had to be turned on, which is a multistep process.

But around the time when the AMT vulnerability was announced, the Electronic Frontier Foundation warned more broadly that Intel's ME, along with the applications on it, posed a security risk.

"While Intel may put a lot of effort into hunting for security bugs, vulnerabilities will inevitably exist, and having them lurking in a highly privileged, low level component with no OS visibility or reliable logging is a nightmare for defensive cybersecurity," the EFF writes in a blog post. "The design choice of putting a secretive, unmodifiable management chip in every computer was terrible, and leaving their customers exposed to these risks without an opt-out is an act of extreme irresponsibility."

There's not a lot of detail about the latest vulnerabilities in AMT. But they imply that an attacker could execute arbitrary code in the context of AMT.

Still, victims might know something has gone awry. While screen sharing, users know that someone else is accessing their system because they see a flashing yellow and black border on the screen. It's unclear if an attacker could disable that alert.

Management Engine Troubles

The ME issues are arguably more worrisome. The description of the vulnerabilities indicates it may be possible for a local user who had access to a system to execute any code on the ME.

Rather than buy a chip with a TPM, some organizations license Intel's software-based PTT, which runs on the ME. So an attacker with access to the system conceivably might be able boot a computer from the USB drive, exploit the ME and steal the encryption keys, such as those for BitLocker, which are stored in the PTT.

The big mitigation with this attack scenario is that someone would have to have access to the machine. But combined with, say, a web browser vulnerability, an attacker might be able to reach the ME remotely.

Because the ME verifies that a computer's firmware hasn't been tampered with before executing, tampering with the ME could have big consequences. But it is unknown if an attacker would be able to modify the system state in such a way that every time the system is booted, the ME is compromised again.

If laptops go to sleep, reboot or if the machine is unplugged, the ME doesn't turn off. It will turn off if the battery completely runs out of power. On workstations, however, if the power is suddenly unplugged, the ME is shut off and will reboot. So in some scenarios, an exploit could survive even if the OS is rebooted.

That has broader implications. If a user tries to update a system or install new firmware, the ME is in the position to say it is performing the installation but not actually do it.

Because the ME is the root of trust on a system, the only way to verify if it is telling the truth is to dump the firmware and compare it to the legitimate firmware. If there is a discrepancy, fixing tainted firmware is a risky, time-consuming operation, and it's possible that the computer's hardware could be irrevocably broken.

Complicated Patches

Intel has issued patches for manufacturers to distribute. But the situation is far from straightforward.

The firmware for the ME is usually modified by individual OEMs. In order to patch, those companies will need to take what Intel has released and ensure compatibility. Because this affects systems going back several years, they will have to write the patches, test them thoroughly and only then make them available.

Remediation efforts are already underway. Lenovo, for one, says it will have updates ready by the end of November, which would appear to be an impressive feat.

To help affected organizations, Intel has released a tool that determines if the vulnerabilities are present in any of their systems.